From warnold@eff.org Wed Aug 7 09:43:40 1991
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Date: Mon, 5 Aug 91 21:47:32 -0400
From: warnold@eff.org (William W. Arnold)
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: R
Computers and Academic Freedom mailing list (batch edition)
Mon Aug 5 21:45:14 EDT 1991
In this issue:
SKAPUR@ccmail.SUny : Re: University Marketplace
FFDMG%ALASKA.BITNE : Re: University Marketplace
ara@zurich.ai.mit. : Fundamentalists vs. Academic Freedom
marchany@vtserf.cc : Re: Authority of Public Universities
TK0JUT1@MVS.CSO.NI : Re: Fundamentalists vs. Academic Freedom
bkottmann@falcon.a : Re: Deprecating grad credit transfer as a restraint o
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
From: SKAPUR@ccmail.SUnysb.EDU (Sanjay Kapur)
Message-ID: <59ED9CFB4EA0F65F@ccmail.sunysb.edu>
Date: 4 Aug 91 00:34:00 GMT
Subject: Re: University Marketplace
>
>I wish I shared his optimism that market forces operated so neatly and cleanly
>in higher education. When is the last time you heard of a university shutting
>down, let alone shutting down because bad policies discouraged students from
>attending. The AAUP has been censuring universities for breaches in academic
>freedom for a long time. I donm't remember any of them closing down.
>(Although some of them have changed their policies as a result of AAUP's
>efforts to discourage faculty from accepting employment contracts with those
>institutions.)
I never said that students are attracted to Universities with liberal
policies. Some students may view too much academic freedom as a bad policy in
as much as it frees the instructor from teaching what is in the course
catalog.
In my opinion bad universities should shut down. The only issue is what
constitutes bad. Something that is automatically assumed by a large number of
people is that academic freedom automatically leads to better education.
Academic freedom is required for good research but too much academic freedom
may lead to bad instruction.
>
>My experience is that students are attracted to universities that charge what
>they can afford and that they look for the best quality within that price
>bracket, assuming they have the wherewithal to leave their home town or state.
>I've never know a student to pick a university because of its policies. They
>do pick because of programs and quality of programs, but not because of
>policies.
Charging a reasonable tuition is the first element of the policy of any school.
>
>Dean Gottehrer
>Anchorage, Alaska
Sanjay Kapur |Internet: Sanjay.Kapur@sunysb.edu
Systems Staff, Computing Services, |Bitnet: SKAPUR@USB
State University of New York, |SPAN/HEPnet: 44132::SKAPUR
Stony Brook, NY 11794-2400 |Phone:(516)632-8029, FAX:(516)632-8046
-------------------
From: FFDMG%ALASKA.BITNET@CORNELLC.cit.cornell.EDU (Dean Gottehrer)
Message-ID: <9108050251.AA18992@eff.org>
Date: 4 Aug 91 09:48:26 GMT
Subject: Re: University Marketplace
On August 1, Sanjay Kapur wrote:
Universities with bad policies will have no students left and will be forced
to shut down.
I responded that I wished I shared his optimism about market forces shutting
universities down, but asked when was the last time you heard of a university
shutting down, let alone shutting down because bad policies discouraged
students from attending.
Sanjay Kapur responded, in part:
In my opinion bad universities should shut down. The only issue is what
constitutes bad.
I think Sanjay Kapur shifts the ground of our discussion here. First he said
they will be forced to shut down, now he says in his opinion bad universities
should shut down. While he takes issue with academic freedom as an attribute
of a good university and a good education, he has not answered the basic
question about market forces affecting universities by forcing them to close,
except by shifting the ground to say well, they should. Again, I ask, when is
the last time you heard of a university shutting down, let alone because bad
policies, no matter how you define bad, discouraged students from attending?
Finally, I have to take issue with Sanjay Kapur that too much academic freedom
may lead to bad instruction. In fact, I would argue the exact opposite. The
purpose of academic freedom for faculty is to prevent the firing of tenured
faculty for teaching unpopular ideas in the classroom or for exploring
unpopular ideas in their research. Sanjay Kapur acknowledges the need for
academic freedom in research, but it is equally necessary in the classroom.
If tenured faculty could be fired for unpopular ideas, that would have a
chilling effect on what faculty would be willing to say. Ultimately it would
lead to academic pablum in the classroom because that would not get faculty in
trouble. Instruction would inevitably become worse.
Certainly, tenure has allowed incompetents (even reserach incompetents) to
have what amounts to lifetime jobs. The problem, however, is not the idea of
academic freedom and the concept of tenure, but the way in which tenure is
awarded. If the faculty are unwilling to weed out incompetents before they
achieve tenure, then the system is not working the way it should. We
shouldn't have to choose between academic freedom in the research lab or in
the classroom. Both are important and prevent the politicization of the
academy from becoming so blatant that faculty are fired for teaching or
researching something that offends someone who could have them fired.
Dean Gottehrer
Anchorage, Alaska
-------------------
From: ara@zurich.ai.mit.edu (Allan Adler)
Message-ID:
Date: 5 Aug 91 04:11:25 GMT
Subject: Fundamentalists vs. Academic Freedom
I have heard news reports for some time about how publishers of textbooks
for public schools were shying away from topics such as evolution that
might be the focus of disputes with fundamentalists at local schools.
I was surprised to learn though that some universities are likewise
intimidated by the fundamentalists. For example, a friend of mine
was the object of complaints that he was teaching satanism when he
lectured on the religions of India, a topic clearly pertinent to
understanding its history. Apparently, such protests have reached high
in the administrtaion and even to the state legislature in the state
where my friend teaches. Apparently no one really wants to stand up to
them and instead my friend is advised to try to go easy on the topics
in question.
I think it is useful to document and expose these activities on the part
of the fundamentalists. I wouldlike to read some discussion of:
(1) ways of going about this
(2) one groups that are already documenting and exposing these activities
(3) other incidents such as my friend experienced
Allan Adler
ara@zohar.ai.mit.edu
Disclaimer: Assuming that it would make sense to say that an institution
believes something, the opinions I have recorded here do not necessarily
reflect the beliefs of MIT.
-------------------
From: marchany@vtserf.cc.vt.edu (Randy Marchany)
Message-ID: <2072@vtserf.cc.vt.edu>
Date: 5 Aug 91 13:48:39 GMT
References: <1991Jul30.202126.7529@eff.org> <1489@cameron.egr.duke.edu>
Subject: Re: Authority of Public Universities
In article <1489@cameron.egr.duke.edu> jpe@egr.duke.edu (John P. Eisenmenger) writes:
>
>It would be nice if this group could turn its discussion towards the creation
>of a template for a thorough and fair computing policy. Any possibility of
>this happening people? I'd be willing to throw out topics for comments,
>editing, etc., but only if the discussion could be constructive and not
>degenerate into a flame slugfest.
>
Ah, to come back from vacation and hear a voice of reason amid the same
threads (the infamous "ohio state" thread and son-of-ohio-state, the
"wayne state" thread...:-))
In answer to John's question, there is an OFFICIAL RFC out (RFC 1244)
entitled "Site Security Handbook" by P. Holbrook and J. Reynolds that is
a "first attempt at providing Internet users guidance on how to deal
with security issues in the Internet. This handbook is meant to be a
starting place for further research and should be viewed as a useful
resource, but not the final authority." (quote from the description
of the RFC).
RFC are available via anonymous FTP from FTP.NISC.SRI.COM, NIS.NSF.NET
or NISC.JVNC.NET. SRI also provides an automatic mail service for those
site which cannot use FTP. Send a request to MAIL-SERVER@NISC.SRI.COM
and place the RFC number in the subject field. EXAMPLE: send RFC1244.
Multiple requests may be included in the same message.
I think we should applaud the Site Security Policy Handbook Working
Group of the IETF for their efforts in this area. The existence of this
newsgroup is proof that sysadmins need some guidance.
And now back to our currently running threads......:-)
-Randy Marchany
VA Tech Computing Center
Blacksburg, VA 24060
"my opinions are my own"
-------------------
From: TK0JUT1@MVS.CSO.NIU.EDU
Message-ID: <9108052013.AA05753@eff.org>
Date: 5 Aug 91 19:32:00 GMT
Subject: Re: Fundamentalists vs. Academic Freedom
A few of the recent assailants of "politically correct" thought (eg D'Souza,
Kimball, Sykes, Bloom, et. al.) have attacked "cultural pluralism,"
deconstruction, and anything else that appears critical, historical, or out of
their narrow view of what should be taught especially in the humanities. Each
of these authors seems to think the the commiepinkolefties from the 1960s have
taken over the universities as "deconstructionists" of the 1990s and are
continuing their radical agenda as tenured profs and deans. PC-ers are under
every bed, they seem to think, but their arguments, including Bloom who
started it all) are reflect the adagae that the worse the logic, the more
dramatic the conclusions. As one reviewer said, the persuasiveness of their
arguments depend upon the ignorance of the audience. In the view of these
authors, "critical thinking" is a threat to civilization.
Jim Thomas
-------------------
From: bkottmann@falcon.aamrl.wpafb.af.mil (Brett Kottmann)
Date: 5 Aug 91 13:52:21 EST
Message-ID: <1991Aug5.135221.319@falcon.aamrl.wpafb.af.mil>
References: <5493@orbit.cts.com> <26367@well.sf.ca.us> <1991Jul29.080259.13108@zorch.SF-Bay.ORG>
Subject: Re: Deprecating grad credit transfer as a restraint o
In article <1991Jul29.080259.13108@zorch.SF-Bay.ORG>, xanthian@zorch.SF-Bay.ORG (Kent Paul Dolan) writes:
> nagle@well.sf.ca.us (John Nagle) writes:
>
>> I respect this person for putting his money where
>> his mouth is, by withdrawing from the school over
>> this issue. An effort by the school to collect
>> from him could be interesting, since he's raising
>> a breach of contract issue. I doubt that they will
>> make a major effort to collect if it is made clear
>> that they will have to justify their behavior in
>> court.
>
Schools will almost always lose this kind of case, unless the student
really does have no basis to make these claims. All of the rules and
regulations they have written to attempt to tie down the student have also
cocooned them into a corner when it comes to providing a specific service for
the quarterly/semester tithe the student pays.
>
> Unfortunately, that option involves not just a
> _little_ money for most folks, since university
> graduate programs typically refuse to transfer in
> more than six credits (two classes) of graduate
> school credit toward a degree; this is monopolism at
> its very worst, a vast conspiracy in restraint of
> "trade"; and the result is that once you've put in a
> little time toward an advanced degree, the
> university has a pretty heavy mortal lock on your
> billfold -- withdraw and lose most of those bought,
>...
I still opted to leave a certain university in Dayton, Ohio (not UD and
not Sinclair :). I had every class finished and only the thesis to do, but it
became clear that certain individuals would do everything in their power to
keep me from actually getting the degree, or at least long enough to spend
another four thousand dollars there.
I have the transcipts with the grades though. My employers understand
why it's not topped off with the piece of paper.
> Were credits freely transferable, students could
> shop for a better deal, and such abusive behavior
> would quickly find itself without a target.
>
Yup.
> My (only modestly paranoid) contention is that that
> is _exactly_ the true reason for the limited
> transferability of grad credits, not the BS about
> "unable to easily evaluate other universities'
> course content value" usually given.
>
> Comments?
Nail. Head. Hammer. *bang*
Brett
=============================OFFICIAL=DISCLAIMER================================
The opinions and views expressed here are strictly my own and do not
necessarily reflect the official position of either the U.S. Air Force
or its contractors.
=====================DO=NOT=REMOVE=TAG=UNDER=PENALTY=OF=LAW===:)================
From helen@eff.org Wed Aug 7 09:43:40 1991
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
From: helen@eff.org (Helen C. O'Boyle)
Subject: Computers and Academic Freedom mailing list (batch edition)
Date: Tue, 6 Aug 91 21:38:14 EDT
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Tue Aug 6 21:34:12 EDT 1991
In this issue:
FBBIRNBA%CUTCV2.BI : Question re archives for this list
helen@eff.org (Hel : Contents of comp-academic-freedom archives @ eff.org
FBBIRNBA%CUTCV2.BI : Thanks for index info!
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Date: 6 Aug 91 14:12:00 GMT
From: FBBIRNBA%CUTCV2.BITNET@CUNYVM.CUNY.EDU (Freda B. Birnbaum, 678-3491)
Message-ID: <9108061413.AA13902@eff.org>
Subject: Question re archives for this list
Distribution-File:
comp-academic-freedom-talk@eff.org
Does anyone know
1) if there are archives to this list?
2) where and how to get them?
(The HELP file from the listserv doesn't mention any REVIEW or GET
sorts of commands.)
+---------------------------------------------------------------------+
| Freda Birnbaum, Sr Prog/Analyst Teachers College, Columbia U. |
| BITNET: JNET%"FBBIRNBAUM@CUTCV2" CCIMS, Box 43 |
| 212-678-3491 (Eastern time) New York, NY 10027 USA |
+------------- Call on God, but row away from the rocks --------------+
-------------------
Date: Tue, 6 Aug 1991 17:41:58 GMT
From: helen@eff.org (Helen C. O'Boyle)
Message-ID: <1991Aug6.174158.4108@eff.org>
Subject: Contents of comp-academic-freedom archives @ eff.org
Below is the file "academic/README" from eff.org, describing the current
contents of the CAF Archive available for anonymous ftp on "eff.org".
--------------------------- Cut here --------------------------------------
=================
README
-----------------
Computers and Academic Freedom (CAF) Archive
This is an electronic library of information about computers and
academic freedom.
It is available via anonymous ftp to eff.org (192.88.144.3) in
directory "academic". For more information, to make contributions, or
to report typos contract Carl Kadie (kadie@eff.org).
=================
batch
-----------------
This is a directory of notes that have been sent over the
comp-academic-freedom mailing list. Each file is a list
of one week's notes (in batch form). Also, see "news".
=================
batchin
-----------------
This is a list of all notes that have been sent over the
comp-academic-freedom mailing list. The notes are in the batch
(digest) format.
=================
caf
-----------------
A discription to the comp-academic-freedom-talk mailing list.
=================
ecpa.1986
-----------------
Portions of the Electronic Communications Privacy Act of 1986 (ECPA) related
to e-mail privacy.
=================
eff.rights
-----------------
An overview of the electronic frontier and the U.S Bill of Rights
=================
email.privacy.essay
-----------------
"Computer Electronic Mail and Privacy", an edited version of a law
school seminar paper by Ruel T. Hernadex
=================
jmcabstract
-----------------
Professor John McCarthy lead the effort to restore "rec.humor.funny"
at Stanford. In March of 1991, he travelled to the University of
Waterloo, a place where "rec.humor.funny" was (and still is) banned.
At Waterloo, he gave one talk on a new computer language and a second
talk on "Network Publication and Free Expression". This is the
abstract of that talk. (Also, see "stanford.statements")
=================
k12.networks.survey
-----------------
Results of a survey by EDUCOM and IBM on the status of
computer networking in K12 education.
=================
library.canada
-----------------
Canadian Library Association Statement on Intellectual Freedom
=================
library.porn
-----------------
A parody of a real newpaper article published in the Houston Chronicle. The
parody is by Carl Kadie. It was published in rec.humor.funny.
=================
library.porn.real
-----------------
A real newpaper article published in the Houston Chronicle. The
parody is in file library.porn.
=================
library.us
-----------------
The "Freedom to Read Statement" of the American Library Association
and Association of American Publishers.
=================
library.us.excerpts
-----------------
Excepts from the "Freedom to Read Statement" of the American Library
Association and Association of American Publishers.
=================
listserv.tar
-----------------
Listserv code for Unix
We got the code from UCSD. We improved it (mostly with modifications
to the Makefile). Sadly, there is no real documention.
=================
members.ps
-----------------
A plot of the number of mailing list members over time. The plot shows
the membership of each version of the list (talk, batch, and news).
The plot goes from April 10, 1991 to June 7, 1991. On June 7th there
were 300 mailing list members. (The newsgroup readership is unknown.)
To see the plot, print the file on a postscript printer.
=================
ncsa.email
-----------------
The National Center for Supercomputer Applications (NCSA) is a department
in the University of Illinois' Graduate College. On April 1, 1991
the NCSA set down a new e-mail policy. The policy was cleared by the
University's legal counsel and the Graduate College. Faculty, students,
and researchers, however, were not consulted.
This note has three parts. The first is a critique of the policy. The
critique concludes that the policy is inconsistant with the
Consitution, Academic Freedom, and University policy. The second part
of this notes is the text of the policy. The third part is notes from
a conversation with an NCSA Administrator.
[On of April 23, 1991 (14 hours after this information was distributed),
the NCSA as decided to revise its policy.]
=================
news
-----------------
This is a directory of all issues of the Computers and Academic
Freedom News. The special best-of-the-month issues are named
with their month, for example, news/June.
=================
newsin
-----------------
This is a list of all issues of the Computers and Academic Freedom News.
=================
nsf
-----------------
The tentative statement by the National Science Foundation on
acceptable use of the backbone networks.
=================
ocf.bylaws
-----------------
These are the bylaws of Berkeley's Open Computing Facility, an
organization that democratically manages computer resources for
thousands of users.
=================
ocf.constitution
-----------------
This is the Constitution of Berkeley's Open Computing Facility, an
organization that democratically manages computer resources for
thousands of users.
=================
ohio-state
-----------------
All the notes from CAF-talk related to Steven Brack and Ohio State.
=================
reg2rights
-----------------
The history of student regulations at the University of Illinois
>from 1904 to present. Shows how policies evolve.
=================
stanford.statements
-----------------
"In 1989 rec.humor.funny was suppressed in some of the Stanford
University computers. After a campaign it was re-installed in those
computers."
This file contains
1) the "Statement of Protest about the AIR Censorship of rec.humor.funny"
2) a statement by the Stanford faculty committee on libraries
3) Notes from Professor John McCarthy on how censorship was fought at Stanford
(also see "jmcabstract")
=================
student.freedoms
-----------------
Joint Statement on Rights and Freedoms of Students -- This is the main
statement on student academic freedom.
=================
uiuc.code.excerpts
-----------------
Excerpts from the University of Illinois at Urbana-Champaign's Code on
Campus Affairs and Regulations Applying to All Students (Aug. 1985)
=================
widener
-----------------
The computer polices of many schools. This is a directory of files.
For a description of the file see file widener/Index. (The files are
>from the Computer Underground Digest archives, available via anonymous
ftp from ftp.cs.widener.edu.)
=================
=================
Last update
Thu Jul 11 16:59:35 EDT 1991
From kadie Fri Aug 9 13:36:18 1991
To: cafb-mail
Subject: Computers and Academic Freedom mailing list (batch edition)
Computers and Academic Freedom mailing list (batch edition)
Fri Aug 9 13:35:21 EDT 1991
In this issue:
marchany@vtserf.cc : Re: Authority of Public Universities
TK0JUT1%MVS.CSO.NI : Re: Fundamentalists vs. Academic Freedom
References: <1991Jul30.202126.7529@eff.org>, <1489@cameron.egr.duke.edu>
Subject: Re: Authority of Public Universities
In article <1489@cameron.egr.duke.edu> jpe@egr.duke.edu (John P. Eisenmenger) writes:
>
>It would be nice if this group could turn its discussion towards the creation
>of a template for a thorough and fair computing policy. Any possibility of
>this happening people? I'd be willing to throw out topics for comments,
>editing, etc., but only if the discussion could be constructive and not
>degenerate into a flame slugfest.
>
Ah, to come back from vacation and hear a voice of reason amid the same
threads (the infamous "ohio state" thread and son-of-ohio-state, the
"wayne state" thread...:-))
In answer to John's question, there is an OFFICIAL RFC out (RFC 1244)
entitled "Site Security Handbook" by P. Holbrook and J. Reynolds that is
a "first attempt at providing Internet users guidance on how to deal
with security issues in the Internet. This handbook is meant to be a
starting place for further research and should be viewed as a useful
resource, but not the final authority." (quote from the description
of the RFC).
RFC are available via anonymous FTP from FTP.NISC.SRI.COM, NIS.NSF.NET
or NISC.JVNC.NET. SRI also provides an automatic mail service for those
site which cannot use FTP. Send a request to MAIL-SERVER@NISC.SRI.COM
and place the RFC number in the subject field. EXAMPLE: send RFC1244.
Multiple requests may be included in the same message.
I think we should applaud the Site Security Policy Handbook Working
Group of the IETF for their efforts in this area. The existence of this
newsgroup is proof that sysadmins need some guidance.
And now back to our currently running threads......:-)
-Randy Marchany
VA Tech Computing Center
Blacksburg, VA 24060
"my opinions are my own"
-------------------
Message-Id: <9108052013.AA05753@eff.org>
From: TK0JUT1%MVS.CSO.NIU.EDU@UICVM.uic.edu
Subject: Re: Fundamentalists vs. Academic Freedom
A few of the recent assailants of "politically correct" thought (eg D'Souza,
Kimball, Sykes, Bloom, et. al.) have attacked "cultural pluralism,"
deconstruction, and anything else that appears critical, historical, or out of
their narrow view of what should be taught especially in the humanities. Each
of these authors seems to think the the commiepinkolefties from the 1960s have
taken over the universities as "deconstructionists" of the 1990s and are
continuing their radical agenda as tenured profs and deans. PC-ers are under
every bed, they seem to think, but their arguments, including Bloom who
started it all) are reflect the adagae that the worse the logic, the more
dramatic the conclusions. As one reviewer said, the persuasiveness of their
arguments depend upon the ignorance of the audience. In the view of these
authors, "critical thinking" is a threat to civilization.
Jim Thomas
-------------------
Message-Id: <9108061413.AA13902@eff.org>
From: (Freda B. Birnbaum, 678-3491)
Subject: Question re archives for this list
Distribution-File:
comp-academic-freedom-talk@eff.org
Does anyone know
1) if there are archives to this list?
2) where and how to get them?
(The HELP file from the listserv doesn't mention any REVIEW or GET
sorts of commands.)
+---------------------------------------------------------------------+
| Freda Birnbaum, Sr Prog/Analyst Teachers College, Columbia U. |
| BITNET: JNET%"FBBIRNBAUM@CUTCV2" CCIMS, Box 43 |
| 212-678-3491 (Eastern time) New York, NY 10027 USA |
+------------- Call on God, but row away from the rocks --------------+
-------------------
Date: Tue, 6 Aug 1991 17:41:58 GMT
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <1991Aug6.174158.4108@eff.org>
Subject: Contents of comp-academic-freedom archives @ eff.org
Below is the file "academic/README" from eff.org, describing the current
contents of the CAF Archive available for anonymous ftp on "eff.org".
--------------------------- Cut here --------------------------------------
=================
README
-----------------
Computers and Academic Freedom (CAF) Archive
This is an electronic library of information about computers and
academic freedom.
It is available via anonymous ftp to eff.org (192.88.144.3) in
directory "academic". For more information, to make contributions, or
to report typos contract Carl Kadie (kadie@eff.org).
=================
batch
-----------------
This is a directory of notes that have been sent over the
comp-academic-freedom mailing list. Each file is a list
of one week's notes (in batch form). Also, see "news".
=================
batchin
-----------------
This is a list of all notes that have been sent over the
comp-academic-freedom mailing list. The notes are in the batch
(digest) format.
=================
caf
-----------------
A discription to the comp-academic-freedom-talk mailing list.
=================
ecpa.1986
-----------------
Portions of the Electronic Communications Privacy Act of 1986 (ECPA) related
to e-mail privacy.
=================
eff.rights
-----------------
An overview of the electronic frontier and the U.S Bill of Rights
=================
email.privacy.essay
-----------------
"Computer Electronic Mail and Privacy", an edited version of a law
school seminar paper by Ruel T. Hernadex
=================
jmcabstract
-----------------
Professor John McCarthy lead the effort to restore "rec.humor.funny"
at Stanford. In March of 1991, he travelled to the University of
Waterloo, a place where "rec.humor.funny" was (and still is) banned.
At Waterloo, he gave one talk on a new computer language and a second
talk on "Network Publication and Free Expression". This is the
abstract of that talk. (Also, see "stanford.statements")
=================
k12.networks.survey
-----------------
Results of a survey by EDUCOM and IBM on the status of
computer networking in K12 education.
=================
library.canada
-----------------
Canadian Library Association Statement on Intellectual Freedom
=================
library.porn
-----------------
A parody of a real newpaper article published in the Houston Chronicle. The
parody is by Carl Kadie. It was published in rec.humor.funny.
=================
library.porn.real
-----------------
A real newpaper article published in the Houston Chronicle. The
parody is in file library.porn.
=================
library.us
-----------------
The "Freedom to Read Statement" of the American Library Association
and Association of American Publishers.
=================
library.us.excerpts
-----------------
Excepts from the "Freedom to Read Statement" of the American Library
Association and Association of American Publishers.
=================
listserv.tar
-----------------
Listserv code for Unix
We got the code from UCSD. We improved it (mostly with modifications
to the Makefile). Sadly, there is no real documention.
=================
members.ps
-----------------
A plot of the number of mailing list members over time. The plot shows
the membership of each version of the list (talk, batch, and news).
The plot goes from April 10, 1991 to June 7, 1991. On June 7th there
were 300 mailing list members. (The newsgroup readership is unknown.)
To see the plot, print the file on a postscript printer.
=================
ncsa.email
-----------------
The National Center for Supercomputer Applications (NCSA) is a department
in the University of Illinois' Graduate College. On April 1, 1991
the NCSA set down a new e-mail policy. The policy was cleared by the
University's legal counsel and the Graduate College. Faculty, students,
and researchers, however, were not consulted.
This note has three parts. The first is a critique of the policy. The
critique concludes that the policy is inconsistant with the
Consitution, Academic Freedom, and University policy. The second part
of this notes is the text of the policy. The third part is notes from
a conversation with an NCSA Administrator.
[On of April 23, 1991 (14 hours after this information was distributed),
the NCSA as decided to revise its policy.]
=================
news
-----------------
This is a directory of all issues of the Computers and Academic
Freedom News. The special best-of-the-month issues are named
with their month, for example, news/June.
=================
newsin
-----------------
This is a list of all issues of the Computers and Academic Freedom News.
=================
nsf
-----------------
The tentative statement by the National Science Foundation on
acceptable use of the backbone networks.
=================
ocf.bylaws
-----------------
These are the bylaws of Berkeley's Open Computing Facility, an
organization that democratically manages computer resources for
thousands of users.
=================
ocf.constitution
-----------------
This is the Constitution of Berkeley's Open Computing Facility, an
organization that democratically manages computer resources for
thousands of users.
=================
ohio-state
-----------------
All the notes from CAF-talk related to Steven Brack and Ohio State.
=================
reg2rights
-----------------
The history of student regulations at the University of Illinois
from 1904 to present. Shows how policies evolve.
=================
stanford.statements
-----------------
"In 1989 rec.humor.funny was suppressed in some of the Stanford
University computers. After a campaign it was re-installed in those
computers."
This file contains
1) the "Statement of Protest about the AIR Censorship of rec.humor.funny"
2) a statement by the Stanford faculty committee on libraries
3) Notes from Professor John McCarthy on how censorship was fought at Stanford
(also see "jmcabstract")
=================
student.freedoms
-----------------
Joint Statement on Rights and Freedoms of Students -- This is the main
statement on student academic freedom.
=================
uiuc.code.excerpts
-----------------
Excerpts from the University of Illinois at Urbana-Champaign's Code on
Campus Affairs and Regulations Applying to All Students (Aug. 1985)
=================
widener
-----------------
The computer polices of many schools. This is a directory of files.
For a description of the file see file widener/Index. (The files are
from the Computer Underground Digest archives, available via anonymous
ftp from ftp.cs.widener.edu.)
=================
=================
Last update
Thu Jul 11 16:59:35 EDT 1991
-------------------
Message-Id: <9108061850.AA05151@eff.org>
From: (Freda B. Birnbaum, 678-3491)
Subject: Thanks for index info!
Distribution-File:
comp-academic-freedom-talk@eff.org
MANY THANKS for the information-filled mail re academic freedom archives!
Freda Birnbaum aka FBBIRNBAUM@CUTCV2.BITNET
-------------------
From: Mark W Wheatley
Message-Id: <199108070504.AA23183@uokmax.ecn.uoknor.edu>
Subject: Re: Fundamentalists vs. Academic Freedom
Date: Wed, 7 Aug 91 0:04:38 CDT
X-Mailer: ELM [version 2.3 PL11]
Not sure how to say this, but it's kinda nice to know that Oklahoma
is not the only place with such narrow minded thinking and such. I am not saying
such thinking is good, but at least (unfortunately) Oklahoma is not in the
minority on this matter.
--
* University of Oklahoma * Mark W. Wheatley *
* Norman Campus * mwwheatl@uokmax.ecn.uoknor.edu *
* BS in Computer Science May 1992 * CIS: 72417,3171 *
* Member - Triangle Fratenity & ACM * "More drinking - less talking!" -JDT *
-------------------
Date: Wed, 7 Aug 1991 16:31:31 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug7.163131.23490@eff.org>
References: <1991Jul30.202126.7529@eff.org>, <1489@cameron.egr.duke.edu>, <2072@vtserf.cc.vt.edu>
Subject: Re: Authority of Public Universities
marchany@vtserf.cc.vt.edu (Randy Marchany) writes:
[...]
>In answer to John's question, there is an OFFICIAL RFC out (RFC 1244)
>entitled "Site Security Handbook" by P. Holbrook and J. Reynolds that is
>a "first attempt at providing Internet users guidance on how to deal
>with security issues in the Internet. This handbook is meant to be a
>starting place for further research and should be viewed as a useful
>resource, but not the final authority." (quote from the description
>of the RFC).
[...]
The document is about 100 pages long. It is mostly about security
(physical security, security audits, incident handling, etc).
It is very general. It applies as much to a free student account at a
university as to an internet connected machine at a military base.
Here are some excerpts related to computer policy creation. [The full
RFC (request for comment) is available via anonymous ftp from eff.org
as file academic/rfc1244.txt.]
- Carl
--------------------------
[...]
2.1.2 Who Makes the Policy?
Policy creation must be a joint effort by technical personnel, who
understand the full ramifications of the proposed policy and the
implementation of the policy, and by decision makers who have the
power to enforce the policy. A policy which is neither
implementable nor enforceable is useless.
Since a computer security policy can affect everyone in an
organization, it is worth taking some care to make sure you have
the right level of authority in on the policy decisions. Though a
particular group (such as a campus information services group) may
have responsibility for enforcing a policy, an even higher group
may have to support and approve the policy.
[...]
2.3 Policy Issues
There are a number of issues that must be addressed when developing a
security policy. These are:
1. Who is allowed to use the resources?
2. What is the proper use of the resources?
3. Who is authorized to grant access and approve usage?
4. Who may have system administration privileges?
5. What are the user's rights and responsibilities?
6. What are the rights and responsibilities of the
system administrator vs. those of the user?
7. What do you do with sensitive information?
These issues will be discussed below. In addition you may wish to
include a section in your policy concerning ethical use of computing
resources. Parker, Swope and Baker [17, PARKER90] and Forester and
Morrison [18, FORESTER] are two useful references that address
ethical issues.
2.3.1 Who is Allowed to use the Resources?
One step you must take in developing your security policy is
defining who is allowed to use your system and services. The
policy should explicitly state who is authorized to use what
resources.
2.3.2 What is the Proper Use of the Resources?
After determining who is allowed access to system resources it is
necessary to provide guidelines for the acceptable use of the
resources. You may have different guidelines for different types
of users (i.e., students, faculty, external users). The policy
should state what is acceptable use as well as unacceptable use.
It should also include types of use that may be restricted.
Define limits to access and authority. You will need to consider
the level of access various users will have and what resources
will be available or restricted to various groups of people.
Your acceptable use policy should clearly state that individual
users are responsible for their actions. Their responsibility
exists regardless of the security mechanisms that are in place.
It should be clearly stated that breaking into accounts or
bypassing security is not permitted.
The following points should be covered when developing an
acceptable use policy:
o Is breaking into accounts permitted?
o Is cracking passwords permitted?
o Is disrupting service permitted?
o Should users assume that a file being world-readable
grants them the authorization to read it?
o Should users be permitted to modify files that are
not their own even if they happen to have write
permission?
o Should users share accounts?
The answer to most of these questions will be "no".
You may wish to incorporate a statement in your policies
concerning copyrighted and licensed software. Licensing
agreements with vendors may require some sort of effort on your
part to ensure that the license is not violated. In addition, you
may wish to inform users that the copying of copyrighted software
may be a violation of the copyright laws, and is not permitted.
Specifically concerning copyrighted and/or licensed software, you
may wish to include the following information:
o Copyrighted and licensed software may not be duplicated
unless it is explicitly stated that you may do so.
o Methods of conveying information on the
copyright/licensed status of software.
o When in doubt, DON'T COPY.
Your acceptable use policy is very important. A policy which does
not clearly state what is not permitted may leave you unable to
prove that a user violated policy.
There are exception cases like tiger teams and users or
administrators wishing for "licenses to hack" -- you may face the
situation where users will want to "hack" on your services for
security research purposes. You should develop a policy that will
determine whether you will permit this type of research on your
services and if so, what your guidelines for such research will
be.
Points you may wish to cover in this area:
o Whether it is permitted at all.
o What type of activity is permitted: breaking in, releasing
worms, releasing viruses, etc..
o What type of controls must be in place to ensure that it
does not get out of control (e.g., separate a segment of
your network for these tests).
o How you will protect other users from being victims of
these activities, including external users and networks.
o The process for obtaining permission to conduct these
tests.
In cases where you do permit these activities, you should isolate
the portions of the network that are being tested from your main
network. Worms and viruses should never be released on a live
network.
You may also wish to employ, contract, or otherwise solicit one or
more people or organizations to evaluate the security of your
services, of which may include "hacking". You may wish to provide
for this in your policy.
2.3.3 Who Is Authorized to Grant Access and Approve Usage?
Your policy should state who is authorized to grant access to your
services. Further, it must be determined what type of access they
are permitted to give. If you do not have control over who is
granted access to your system, you will not have control over who
is using your system. Controlling who has the authorization to
grant access will also enable you to know who was or was not
granting access if problems develop later.
There are many schemes that can be developed to control the
distribution of access to your services. The following are the
factors that you must consider when determining who will
distribute access to your services:
o Will you be distributing access from a centralized
point or at various points?
You can have a centralized distribution point to a distributed
system where various sites or departments independently authorize
access. The trade off is between security and convenience. The
more centralized, the easier to secure.
o What methods will you use for creating accounts and
terminating access?
From a security standpoint, you need to examine the mechanism that
you will be using to create accounts. In the least restrictive
case, the people who are authorized to grant access would be able
to go into the system directly and create an account by hand or
through vendor supplied mechanisms. Generally, these mechanisms
place a great deal of trust in the person running them, and the
person running them usually has a large amount of privileges. If
this is the choice you make, you need to select someone who is
trustworthy to perform this task. The opposite solution is to
have an integrated system that the people authorized to create
accounts run, or the users themselves may actually run. Be aware
that even in the restrictive case of having a mechanized facility
to create accounts does not remove the potential for abuse.
You should have specific procedures developed for the creation of
accounts. These procedures should be well documented to prevent
confusion and reduce mistakes. A security vulnerability in the
account authorization process is not only possible through abuse,
but is also possible if a mistake is made. Having clear and well
documented procedure will help ensure that these mistakes won't
happen. You should also be sure that the people who will be
following these procedures understand them.
The granting of access to users is one of the most vulnerable of
times. You should ensure that the selection of an initial
password cannot be easily guessed. You should avoid using an
initial password that is a function of the username, is part of
the user's name, or some algorithmically generated password that
can easily be guessed. In addition, you should not permit users
to continue to use the initial password indefinitely. If
possible, you should force users to change the initial password
the first time they login. Consider that some users may never
even login, leaving their password vulnerable indefinitely. Some
sites choose to disable accounts that have never been accessed,
and force the owner to reauthorize opening the account.
2.3.4 Who May Have System Administration Privileges?
One security decision that needs to be made very carefully is who
will have access to system administrator privileges and passwords
for your services. Obviously, the system administrators will need
access, but inevitably other users will request special
privileges. The policy should address this issue. Restricting
privileges is one way to deal with threats from local users. The
challenge is to balance restricting access to these to protect
security with giving people who need these privileges access so
that they can perform their tasks. One approach that can be taken
is to grant only enough privilege to accomplish the necessary
tasks.
Additionally, people holding special privileges should be
accountable to some authority and this should also be identified
within the site's security policy. If the people you grant
privileges to are not accountable, you run the risk of losing
control of your system and will have difficulty managing a
compromise in security.
2.3.5 What Are The Users' Rights and Responsibilities?
The policy should incorporate a statement on the users' rights and
responsibilities concerning the use of the site's computer systems
and services. It should be clearly stated that users are
responsible for understanding and respecting the security rules of
the systems they are using. The following is a list of topics
that you may wish to cover in this area of the policy:
o What guidelines you have regarding resource consumption
(whether users are restricted, and if so, what the
restrictions are).
o What might constitute abuse in terms of system performance.
o Whether users are permitted to share accounts or let others
use their accounts.
o How "secret" users should keep their passwords.
o How often users should change their passwords and any other
password restrictions or requirements.
o Whether you provide backups or expect the users to create
their own.
o Disclosure of information that may be proprietary.
o Statement on Electronic Mail Privacy (Electronic
Communications Privacy Act).
o Your policy concerning controversial mail or postings to
mailing lists or discussion groups (obscenity, harassment,
etc.).
o Policy on electronic communications: mail forging, etc.
The Electronic Mail Association sponsored a white paper on the
privacy of electronic mail in companies [4]. Their basic
recommendation is that every site should have a policy on the
protection of employee privacy. They also recommend that
organizations establish privacy policies that deal with all media,
rather than singling out electronic mail.
They suggest five criteria for evaluating any policy:
1. Does the policy comply with law and with duties to
third parties?
2. Does the policy unnecessarily compromise the interest of
the employee, the employer or third parties?
3. Is the policy workable as a practical matter and likely to
be enforced?
4. Does the policy deal appropriately with all different
forms of communications and record keeping with the office?
5. Has the policy been announced in advance and agreed to by
all concerned?
2.3.6 What Are The Rights and Responsibilities of System
Administrators Versus Rights of Users
There is a tradeoff between a user's right to absolute privacy and
the need of system administrators to gather sufficient information
to diagnose problems. There is also a distinction between a
system administrator's need to gather information to diagnose
problems and investigating security violations. The policy should
specify to what degree system administrators can examine user
files to diagnose problems or for other purposes, and what rights
you grant to the users. You may also wish to make a statement
concerning system administrators' obligation to maintaining the
privacy of information viewed under these circumstances. A few
questions that should be answered are:
o Can an administrator monitor or read a user's files
for any reason?
o What are the liabilities?
o Do network administrators have the right to examine
network or host traffic?
2.3.7 What To Do With Sensitive Information
Before granting users access to your services, you need to
determine at what level you will provide for the security of data
on your systems. By determining this, you are determining the
level of sensitivity of data that users should store on your
systems. You do not want users to store very sensitive
information on a system that you are not going to secure very
well. You need to tell users who might store sensitive
information what services, if any, are appropriate for the storage
of sensitive information. This part should include storing of
data in different ways (disk, magnetic tape, file servers, etc.).
Your policy in this area needs to be coordinated with the policy
concerning the rights of system administrators versus users (see
section 2.3.6).
2.4 What Happens When the Policy is Violated
It is obvious that when any type of official policy is defined, be it
related to computer security or not, it will eventually be broken.
The violation may occur due to an individual's negligence, accidental
mistake, having not been properly informed of the current policy, or
not understanding the current policy. It is equally possible that an
individual (or group of individuals) may knowingly perform an act
that is in direct violation of the defined policy.
When a policy violation has been detected, the immediate course of
action should be pre-defined to ensure prompt and proper enforcement.
An investigation should be performed to determine how and why the
violation occurred. Then the appropriate corrective action should be
executed. The type and severity of action taken varies depending on
the type of violation that occurred.
2.4.1 Determining the Response to Policy Violations
Violations to policy may be committed by a wide variety of users.
Some may be local users and others may be from outside the local
environment. Sites may find it helpful to define what it
considers "insiders" and "outsiders" based upon administrative,
legal or political boundaries. These boundaries imply what type
of action must be taken to correct the offending party; from a
written reprimand to pressing legal charges. So, not only do you
need to define actions based on the type of violation, you also
need to have a clearly defined series of actions based on the kind
of user violating your computer security policy. This all seems
rather complicated, but should be addressed long before it becomes
necessary as the result of a violation.
One point to remember about your policy is that proper education
is your best defense. For the outsiders who are using your
computer legally, it is your responsibility to verify that these
individuals are aware of the policies that you have set forth.
Having this proof may assist you in the future if legal action
becomes necessary.
As for users who are using your computer illegally, the problem is
basically the same. What type of user violated the policy and how
and why did they do it? Depending on the results of your
investigation, you may just prefer to "plug" the hole in your
computer security and chalk it up to experience. Or if a
significant amount of loss was incurred, you may wish to take more
drastic action.
2.4.2 What to do When Local Users Violate the Policy of a Remote
Site
In the event that a local user violates the security policy of a
remote site, the local site should have a clearly defined set of
administrative actions to take concerning that local user. The
site should also be prepared to protect itself against possible
actions by the remote site. These situations involve legal issues
which should be addressed when forming the security policy.
2.4.3 Defining Contacts and Responsibilities to Outside
Organizations
The local security policy should include procedures for
interaction with outside organizations. These include law
enforcement agencies, other sites, external response team
organizations (e.g., the CERT, CIAC) and various press agencies.
The procedure should state who is authorized to make such contact
and how it should be handled. Some questions to be answered
include:
o Who may talk to the press?
o When do you contact law enforcement and investigative agencies?
o If a connection is made from a remote site, is the
system manager authorized to contact that site?
o Can data be released? What kind?
Detailed contact information should be readily available along
with clearly defined procedures to follow.
2.4.4 What are the Responsibilities to our Neighbors and Other
Internet Sites?
The Security Policy Working Group within the IETF is working on a
document entitled, "Policy Guidelines for the Secure Operation of
the Internet" [23]. It addresses the issue that the Internet is a
cooperative venture and that sites are expected to provide mutual
security assistance. This should be addressed when developing a
site's policy. The major issue to be determined is how much
information should be released. This will vary from site to site
according to the type of site (e.g., military, education,
commercial) as well as the type of security violation that
occurred.
2.4.5 Issues for Incident Handling Procedures
Along with statements of policy, the document being prepared
should include procedures for incident handling. This is covered
in detail in the next chapter. There should be procedures
available that cover all facets of policy violation.
2.5 Locking In or Out
Whenever a site suffers an incident which may compromise computer
security, the strategies for reacting may be influenced by two
opposing pressures.
If management fears that the site is sufficiently vulnerable, it may
choose a "Protect and Proceed" strategy. This approach will have as
its primary goal the protection and preservation of the site
facilities and to provide for normalcy for its users as quickly as
possible. Attempts will be made to actively interfere with the
intruder's processes, prevent further access and begin immediate
damage assessment and recovery. This process may involve shutting
down the facilities, closing off access to the network, or other
drastic measures. The drawback is that unless the intruder is
identified directly, they may come back into the site via a different
path, or may attack another site.
The alternate approach, "Pursue and Prosecute", adopts the opposite
philosophy and goals. The primary goal is to allow intruders to
continue their activities at the site until the site can identify the
responsible persons. This approach is endorsed by law enforcement
agencies and prosecutors. The drawback is that the agencies cannot
exempt a site from possible user lawsuits if damage is done to their
systems and data.
Prosecution is not the only outcome possible if the intruder is
identified. If the culprit is an employee or a student, the
organization may choose to take disciplinary actions. The computer
security policy needs to spell out the choices and how they will be
selected if an intruder is caught.
Careful consideration must be made by site management regarding their
approach to this issue before the problem occurs. The strategy
adopted might depend upon each circumstance. Or there may be a
global policy which mandates one approach in all circumstances. The
pros and cons must be examined thoroughly and the users of the
facilities must be made aware of the policy so that they understand
their vulnerabilities no matter which approach is taken.
The following are checklists to help a site determine which strategy
to adopt: "Protect and Proceed" or "Pursue and Prosecute".
Protect and Proceed
1. If assets are not well protected.
2. If continued penetration could result in great
financial risk.
3. If the possibility or willingness to prosecute
is not present.
4. If user base is unknown.
5. If users are unsophisticated and their work is
vulnerable.
6. If the site is vulnerable to lawsuits from users, e.g.,
if their resources are undermined.
Pursue and Prosecute
1. If assets and systems are well protected.
2. If good backups are available.
3. If the risk to the assets is outweighed by the
disruption caused by the present and possibly future
penetrations.
4. If this is a concentrated attack occurring with great
frequency and intensity.
5. If the site has a natural attraction to intruders, and
consequently regularly attracts intruders.
6. If the site is willing to incur the financial (or other)
risk to assets by allowing the penetrator continue.
7. If intruder access can be controlled.
8. If the monitoring tools are sufficiently well-developed
to make the pursuit worthwhile.
9. If the support staff is sufficiently clever and knowledgable
about the operating system, related utilities, and systems
to make the pursuit worthwhile.
10. If there is willingness on the part of management to
prosecute.
11. If the system adminitrators know in general what kind of
evidence would lead to prosecution.
12. If there is established contact with knowledgeable law
enforcement.
13. If there is a site representative versed in the relevant
legal issues.
14. If the site is prepared for possible legal action from
its own users if their data or systems become compromised
during the pursuit.
2.6 Interpreting the Policy
It is important to define who will interpret the policy. This could
be an individual or a committee. No matter how well written, the
policy will require interpretation from time to time and this body
would serve to review, interpret, and revise the policy as needed.
2.7 Publicizing the Policy
Once the site security policy has been written and established, a
vigorous process should be engaged to ensure that the policy
statement is widely and thoroughly disseminated and discussed. A
mailing of the policy should not be considered sufficient. A period
for comments should be allowed before the policy becomes effective to
ensure that all affected users have a chance to state their reactions
and discuss any unforeseen ramifications. Ideally, the policy should
strike a balance between protection and productivity.
Meetings should be held to elicit these comments, and also to ensure
that the policy is correctly understood. (Policy promulgators are
not necessarily noted for their skill with the language.) These
meetings should involve higher management as well as line employees.
Security is a collective effort.
In addition to the initial efforts to publicize the policy, it is
essential for the site to maintain a continual awareness of its
computer security policy. Current users may need periodic reminders
New users should have the policy included as part of their site
introduction packet. As a condition for using the site facilities,
it may be advisable to have them sign a statement that they have read
and understood the policy. Should any of these users require legal
action for serious policy violations, this signed statement might
prove to be a valuable aid.
[...]
3.8 Communicating Security Policy
Security policies, in order to be effective, must be communicated to
both the users of the system and the system maintainers. This
section describes what these people should be told, and how to tell
them.
3.8.1 Educating the Users
Users should be made aware of how the computer systems are
expected to be used, and how to protect themselves from
unauthorized users.
3.8.1.1 Proper Account/Workstation Use
All users should be informed about what is considered the
"proper" use of their account or workstation ("proper" use is
discussed in section 2.3.2). This can most easily be done at
the time a user receives their account, by giving them a policy
statement. Proper use policies typically dictate things such
as whether or not the account or workstation may be used for
personal activities (such as checkbook balancing or letter
writing), whether profit-making activities are allowed, whether
game playing is permitted, and so on. These policy statements
may also be used to summarize how the computer facility is
licensed and what software licenses are held by the
institution; for example, many universities have educational
licenses which explicitly prohibit commercial uses of the
system. A more complete list of items to consider when writing
a policy statement is given in section 2.3.
[...]
[FORESTER]
Forester, T., and P. Morrison, "Computer Ethics: Tales and
Ethical Dilemmas in Computing", MIT Press, Cambridge, MA,
1990. (192 pages including index.)
From the preface: "The aim of this book is two-fold: (1) to
describe some of the problems created by society by computers,
and (2) to show how these problems present ethical dilemmas
for computers professionals and computer users.
The problems created by computers arise, in turn, from two
main sources: from hardware and software malfunctions and
from misuse by human beings. We argue that computer systems
by their very nature are insecure, unreliable, and
unpredictable -- and that society has yet to come to terms
with the consequences. We also seek to show how society
has become newly vulnerable to human misuse of computers in
the form of computer crime, software theft, hacking, the
creation of viruses, invasions of privacy, and so on."
The eight chapters include "Computer Crime", "Software
Theft", "Hacking and Viruses", "Unreliable Computers",
"The Invasion of Privacy", "AI and Expert Systems",
and "Computerizing the Workplace." Includes extensive
notes on sources and an index.
[...]
[PARKER90]
Parker, D., Swope, S., and B. Baker, "Ethical Conflicts:
Information and Computer Science, Technology and Business",
QED Information Sciences, Inc., Wellesley, MA. (245 pages).
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
-------------------
Date: Wed, 7 Aug 91 14:45:35 -0400
From: kadie (Carl M. Kadie)
Message-Id: <9108071845.AA26106@eff.org>
Subject: FYI: Censorship
From: jn11+@andrew.cmu.edu (Joseph M. Newcomer)
Subject: Censorship
Message-ID:
Date: 2 Aug 91 20:04:35 GMT
Back in the old days, when CMU hired high school students to file
output, we had to submit our jobs on punched cards with an 8-character
job name, the first four of which were our userid. All my jobs were
submitted as "JN11PHUQ". Several times the listings were filed with the
job id circled in bright red. One day I went to pick up output and
found only a note "to get your output, see the assistant director". The
conversation went something like this:
AD: "We confiscated your output"
JN: "Why?"
AD: "You had been warned repeatedly against using obscene job names, and
you disregarded our warnings and persisted in doing it"
JN: "What warnings?"
AD: "We repeatedly circled the name in red to indicate that it was
unacceptable"
JN: "I assumed the person bursting the output circled the job name to
make it easier for the filer to see"
AD: "No, and if you persist in using obscene job names we will revoke
your userid"
JN: (You and what army?) "What obscene job name?"
AD: "Right here: P-H-U-Q"
JN: "What is obscene about that?"
AD: "It spells "fuck""
JN: "You're being ridiculous. It is an acronym, from the Latin "Post
Hoc Utque Quid", which translates approximately as "After this, then
what?"
AD: "That's not how I read it"
JN: "You are threatening to terminate my account because you don't like
the Latin acronym for my job name? Would you like to explain to Dr.
Perlis why I can't get any research done?"
AD: "Just don't do it any more"
JN: "I promise that I will not submit any more jobs with obscene job
names" (Right, turkey, and I never had)
I continued to use that same job name for the rest of the year, until we
ditched OS/360.
Bureaucrat Baiting is my only blood sport.
joe
-------------------
Date: Wed, 7 Aug 1991 20:21:05 GMT
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <1991Aug7.202105.28513@eff.org>
References: <9108071845.AA26106@eff.org>
Subject: Re: FYI: Censorship
In article <9108071845.AA26106@eff.org> kadie@eff.org (Carl M. Kadie) writes:
>From: jn11+@andrew.cmu.edu (Joseph M. Newcomer)
>Newsgroups: alt.folklore.computers
>Subject: Censorship
>Message-ID:
>Date: 2 Aug 91 20:04:35 GMT
>
>Back in the old days, when CMU hired high school students to file
>output, we had to submit our jobs on punched cards with an 8-character
>job name, the first four of which were our userid. All my jobs were
>submitted as "JN11PHUQ".
> [...]
>I continued to use that same job name for the rest of the year, until we
>ditched OS/360.
>
>Bureaucrat Baiting is my only blood sport.
> joe
Yeah, that is an amusing anecdote! Say, I wonder how many schools generate
"random" passwords then match each against a list to see if it is an
"allowable" one (many four letter words are kicked out ;-). My undergrad
school did this. Alas, it was only an exact match and not a soundex
match. :-) My userid was "AB06O4A" and the assigned password was "IFUX".
Now, all together, this comes out to an interesting statement, albeit
one with poor grammar. Of course, I mentioned it (Baiting *can* be fun
sometimes), and the appropriate people laughed it off, as if it were not a
problem at all (though it did slightly annoy me). After all, "they didn't
mean it," and "they couldn't easily prevent it".
(A friend once told me that his solution for this is simply to make up
strings consisting ONLY of consonants.)
Seems to me that "license plate spelling" has the potential to cause all
sorts of consternation -- job names, "finger" entries, even file names.
The computer centers I know would not hesitate to zap students for standard
four letter words in those places, but obfuscated spellings would be
more difficult to disallow. I think it comes down to censoring words
(easier to do...make a list) vs. censoring ideas (makes academics
uncomfortable in general). As the poster above pointed out, there's
always some other semi-plausible explanation for the acronym/abbreviation.
Probably in many cases people _are_ just doing it to bait folks, in which
case I case I question WHY these people did the baiting to begin with, but
I also recognize that the best response is ignoring it. Sigh, when big
issues are made out of these things, they really BECOME big issues. However,
if folks see that such activities DON'T get them the attention they're
looking for, they'll probably go on to something else (hopefully no more
damaging) soon enough, and if it really WAS just a harmless coincidence,
what purpose does it really serve to make an issue out of it anyway?
--
* Helen C. O'Boyle * - isy5hob@cabell.vcu.edu
POSTING FROM HERE BECAUSE GNU GUEST FILES WERE BLOWN AWAY TODAY :-(
.... talk about people looking for attention..... Geeeeeeez!
-------------------
Date: Wed, 7 Aug 1991 21:04:13 GMT
From: kadie@eff.org (Carl M. Kadie)
Message-Id: <1991Aug7.210413.29519@eff.org>
Subject: re: Help Wanted
I'm happy to report that I've "hired" two folks to help
with the CAF mailing lists, archives, etc. They are
Helen O'Boyle - a grad student at Virginia Commonwealth University
(helen@eff.org)
William "Billy" Arnold - an undergrad student at VCU (warnold@eff.org).
Mail send to comp-academic-freedom-talk-request (or caf-talk-request)
or listmaster@eff.org will be received by one of the three of us.
Thanks to everyone who responded to my Help Wanted note.
- Carl
--
Carl Kadie -- kadie@eff.org or kadie@cs.uiuc.edu
I do not represent EFF; this is just me.
From comp-academic-freedom-talk-request@eff.org Thu Aug 15 02:55:32 1991
Received: from a.cs.uiuc.edu by herodotus.cs.uiuc.edu with SMTP
(5.62+/IDA-1.2.8) id AA13706; Thu, 15 Aug 91 02:55:30 -0500
Received: from eff.org by a.cs.uiuc.edu with SMTP id AA21107
(5.64+/IDA-1.3.4 for kadie@herodotus.cs.uiuc.edu); Thu, 15 Aug 91 02:55:01 -0500
Received: by eff.org (5.61+++/Spike-2.0)
id AA15011; Thu, 15 Aug 91 03:54:44 -0400
Reply-To: comp-academic-freedom-talk@eff.org
Precedence: bulk
To: comp-academic-freedom-talk@eff.org
Return-Path:
Received: by eff.org (5.61+++/Spike-2.0)
id AA15006; Thu, 15 Aug 91 03:54:42 -0400
Date: Thu, 15 Aug 91 03:54:42 -0400
From: helen@eff.org (Helen C. O'Boyle)
Message-Id: <9108150754.AA15006@eff.org>
Subject: Computers and Academic Freedom mailing list (batch edition)
Status: RO
Computers and Academic Freedom mailing list (batch edition)
Thu Aug 15 02:46:07 EDT 1991
In this issue:
bsc835!ehunt@uunet : Public/Private institutions
well!marcindc@appl : Computers and Academic Freedom (news version) 1.19
The addresses for the list are now:
comp-academic-freedom-talk@eff.org - for contributions to the list
or caf-talk@eff.org
listserv@eff.org - for automated additions/deletions
(send email with the line "help" for details.)
caf-talk-request@eff.org - for administrivia
-------------------
Date: Sat, 10 Aug 91 23:55:43 CDT
From: bsc835!ehunt@uunet.uu.net
Message-Id: <9108110456.AA10689@relay1.UU.NET>
Subject: Public/Private institutions
There has been much discussion about the various resposnsibilites a *public*
institution of higher learning has towards it's students. Many of those were
documented in CAF News vol.1 Issue #19.
My question is this: Do these same rules and precedents apply to private
colleges as well? I attend a Methodist affiliated private college in
Birmingham, AL, and am beginning to become unsure of my rights as a student
in a private institution. While we are a very small college (1850 enrollmnt)
and I've not had any problems whatsoever in these areas, I would feel better
if I had the knowledge that I was "covered" under the same legal umbrella
that the public schools are under.
Please send cc:'s of your response to my email address, as our site does not
get the alt. newgroup for this discussion, and I only subscribe to biweekly
(or whatever) publication of CAF.
--
Eric Hunt
Birmingham-Southern College, Birmingham, AL
"bsc835!ehunt@uunet.uu.net"
-------------------
Date: Sun, 11 Aug 91 13:54:24 pdt
From: well!marcindc@apple.com (Marc Rotenberg)
Message-Id: <9108112054.AA06428@well.sf.ca.us>
Subject: Re: Computers and Academic Freedom (news version) 1.19
Status: O
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Address Change:
Please note the following change and update
your mailing list:
Marc Rotenberg, CPSR Washington Office
rotenberg@washofc.cpsr.org
- - - - - - - -- - - - - - - - - - - - - - - - - - - - - -
